Software and Tools

This page gives an overview of software projects developed in IAIK's Cryptolog and Cryptographic Security group.

ECCelerate

ECCelerate™ is a Java library for elliptic curve cryptography protocols such as
ECDSA, ECDH, ECIES and ECMQV (optional), and offers implementations compliant
with current standards. As of version 3.0, it also supports Type-2 and Type-3
bilinear pairings on Barreto-Naehrig curves. Main features:

- ECDSA with SHA-1/SHA-2 support according to ANSI X9.62-2005 and BSI TR 03111 v1.11
- Fast finite field arithmetic in prime fields
- Fast finite field arithmetic in binary fields. In binary fields we only use polynomial basis representation. This is mainly because of the patent situation, but there is no reason to use Gaussian normal bases.
- Support for elliptic curve arithmetic with affine and several types of projective coordinates (Extended Jacobian, Jacobian, López-Dahab, ...)

ECCelerate™ is free for educational and research institutions to use for
educational and research purposes, respectively. For more information see here.

A Heuristic Tool for Linear Cryptanalysis

Linear cryptanalysis is an important attack vector against which every recently designed cryptographic primitive should provide security arguments. The success of such attacks relies on the existence of suitable linear characteristics, and the difficulty of finding them depends on the primitive. For example, the wide-trail design strategy incorporated in AES, together with its strong alignment, provides lower bounds on the minimum number of active S-boxes in a linear characteristic and therefore an upper bound on the highest possible bias. On the other hand, there are primitives with weak alignment, such as the SHA-3 competition winner Keccak, for which finding good characteristics is an open problem and heuristic search results are required to evaluate the security margin. This is particularly interesting in the context of the CAESAR competition, where many first-round submissions focus their analysis on differential cryptanalysis but provide only a few results for linear cryptanalysis. Hence, we provide a heuristic search tool that is capable of finding linear characteristics, even for primitives with a relatively large state and without a strongly aligned structure.
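The two quantities the paragraph relies on, the bias of a linear approximation of an S-box and the way the biases of the active S-boxes in a characteristic combine, can be made concrete on a single 4-bit S-box. The following Python example is added here and is not part of the IAIK page or of the heuristic tool it describes; it builds the linear approximation table (LAT) of the public PRESENT S-box (chosen only as a constructed sample input, any 4-bit S-box works) and estimates the bias of a characteristic made of several active S-boxes with the piling-up lemma, which assumes the approximations are independent.

```python
# Added example (not code from the IAIK page): linear approximation table of a
# 4-bit S-box and bias estimation for a chain of active S-boxes.
from fractions import Fraction

# Constructed sample input: the PRESENT S-box (any 4-bit permutation may be used).
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def parity(v: int) -> int:
    """Parity (XOR of all bits) of an integer."""
    return bin(v).count("1") & 1


def lat(sbox):
    """Linear approximation table.

    Entry [a][b] counts the inputs x for which <a,x> == <b,S(x)> (inner
    products over GF(2)), minus n/2.  The bias of the approximation
    (a -> b) is entry / n; a zero entry means the masks are uncorrelated.
    """
    n = len(sbox)
    table = [[0] * n for _ in range(n)]
    for a in range(n):
        for b in range(n):
            matches = sum(1 for x in range(n)
                          if parity(a & x) == parity(b & sbox[x]))
            table[a][b] = matches - n // 2
    return table


def bias(sbox, a: int, b: int) -> Fraction:
    """Bias of the linear approximation with input mask a and output mask b."""
    return Fraction(lat(sbox)[a][b], len(sbox))


def max_bias(sbox) -> Fraction:
    """Largest absolute bias over all non-trivial (a != 0, b != 0) mask pairs.

    For an S-box this is the quantity a wide-trail bound multiplies with the
    minimum number of active S-boxes to upper-bound the bias of any
    characteristic.
    """
    table = lat(sbox)
    n = len(sbox)
    best = max(abs(table[a][b]) for a in range(1, n) for b in range(1, n))
    return Fraction(best, n)


def piling_up(biases) -> Fraction:
    """Piling-up lemma: the bias of the XOR of k independent approximations
    with biases e_1..e_k is 2^(k-1) * e_1 * ... * e_k."""
    total = Fraction(1)
    for e in biases:
        total *= e
    return 2 ** (len(biases) - 1) * total


def characteristic_bias(sbox, masks) -> Fraction:
    """Bias of a characteristic given as a list of (input mask, output mask)
    pairs, one per active S-box, under the independence assumption."""
    return piling_up([bias(sbox, a, b) for a, b in masks])


if __name__ == "__main__":
    print("max S-box bias:", max_bias(SBOX))
    # Three active S-boxes each at the maximal bias 1/4: 2^2 * (1/4)^3 = 1/16.
    print("3 active S-boxes at max bias:",
          piling_up([max_bias(SBOX)] * 3))
```

The `max_bias` value is what a lower bound on active S-boxes turns into an upper bound on the characteristic's bias: with k active S-boxes of bias at most e, the piling-up lemma gives at most 2^(k-1) e^k, and it shrinks quickly with k. For a weakly aligned primitive the number of active S-boxes is exactly what cannot be bounded easily, which is why a heuristic search for concrete characteristics is needed.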